PTR Uncovers "Serious Network Vulnerability" at Cake Poker Network

In the alert, PTR claims that the lax security at the Cake Poker network "leaves player's accounts as well as hole cards vulnerable to being stolen by any third party who is between the player and Cake's servers, as well as anyone who can snoop on their traffic." PTR also claims that the Cake Poker network is using a much weaker encryption method than what they claim on their site.

This is similar to the encryption issue at the Cereus network that PTR also discovered (Cereus subsequently fixed the issue after a number of days). PTR claims that the Cake Poker Network doesn't use SSL to encrypt their communications, instead relying on a much weaker "XOR-based" form of encryption. This has apparently left the network vulnerable, as the people behind PTR were apparently able to "steal usernames and passwords" and view hole cards as they were dealt.

PTR goes on to say that the issue is severe and that "no matter what kind of network you play on you are at risk on the Cake network".

PTR claims that people who are playing on "public unsecured wireless" and "public secured wireless" are at the highest risk of having their accounts compromised.

PTR recommends changing your password and discontinuing your play on the Cake Poker network until the problem has been fixed.

According to their web site, Cake Poker claims to use the "accepted industry standard 256-bit TwoFish encryption algorithm."

This is apparently not true.

Lee Jones (Cake Poker Cardroom Manager) posted on 2+2 earlier today and said that "I owe the entire Cake poker community an apology: I am very very sorry." He said that he will have an official statement on the matter "shortly".

The entire online poker community owes PTR a debt of gratitude. In the past few months, the site has identified security vulnerabilities at two major poker networks (Cereus and Cake) as well as busting a large bot ring on Pokerstars.